June 28th, 2017

NotPetya ransomware: Attack analysis

On June 27, 2017, a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to Petya ransomware attacks from previous years, but its infection and propagation method is new, which led to it being referred to as NotPetya. Due to the sudden and significant impact of the attack, it was immediately likened to the WannaCry outbreak, causing concern globally.

Configure Application Whitelisting for Citrix GoToMeeting

One of the comments I receive most frequently from attendees of my Least Privilege webinar is that web conferencing software, such as Citrix’s popular GoToMeeting, prevents IT departments moving forward with least privilege on the desktop. This kind of software can pose a problem as users are often requested to join meetings at short notice and need to install a client program to participate in the conference. In this post I’ll focus on GoToMeeting, but some of the information could also be applied to other software.

Active Directory Group Policy and WMI Filters

The scope of a Group Policy Object (GPO) can be controlled with WMI filters, based on criteria such as operating system version or hardware specifications. A WMI filter consists of one or more queries, and if all queries evaluate to true then the GPO linked to the filter will be applied.

Windows 7 sees Increase in Malware Infection Rate

Windows XP is deemed ‘good enough’ by many, but the fact is that it’s four to five times more vulnerable to malware infection than Windows 7. While this is mainly due to improved security defenses, including least privilege security implemented with the help of User Account Control (UAC), that’s not to say we should be complacent when using Windows 7.

Privilege Guard 2.7 and Enhanced UAC Integration

Privilege Guard (Edit: now Defendpoint) first introduced UAC (User Account Control) integration in version 2.5, which enables rules to be defined that trigger when an application requires administrator privileges in order to run. Further enhancements to the UAC rule in version 2.7 now allow you to elevate applications that may trigger UAC after the application has already launched. For instance, disk defragmenter and task manager are two applications that launch with standard user rights and only trigger UAC when the user attempts to perform an operation that requires administrator privileges.

Curated Computing Promises a More Secure Future on the Desktop

While Windows owes much of its success to its flexibility and ease of use, a new computing model, chiefly heralded by Apple in the consumer space, is changing the value proposition for end users.
